diff --git a/CVE-2021-45463.patch b/CVE-2021-45463.patch
new file mode 100644
index 0000000000000000000000000000000000000000..68ddb7435a43fa86247751bb949fa69f0c001a4a
--- /dev/null
+++ b/CVE-2021-45463.patch
@@ -0,0 +1,146 @@
+From 4201cf60b15fc1883e2bb5d61ff42837576af4bf Mon Sep 17 00:00:00 2001
+From: Jehan
+Date: Sat, 18 Dec 2021 23:57:23 +0100
+Subject: [PATCH] =?UTF-8?q?plug-ins:=20in=20file-gegl,=20use=20the=20accur?=
+ =?UTF-8?q?ate=20load/save=20GEGL=20operation=E2=80=A6?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+… rather than generic "gegl:load" and "gegl:save".
+
+In particular, it means using "gegl:rgbe-load|save" for RGBE images and
+"gegl:exr-save" for EXR exporting.
+
+Without this, we could encounter weird run cases where for instance, we
+would detect a RGBE image through the file magic number in GIMP,
+redirect the load to file-gegl, but "gegl:load" only relies on file
+extension. So if the file extension was not ".hdr", "gegl:load" could
+redirect to a different handler operation meant for another format,
+hence break proper loading. If no extension was matched, it could even
+redirect to a fallback handler, such as Image Magick.
+
+This breaks loading or saving images which we would be otherwise able to
+load/save. And it could also have some security implications. So let's
+fix this by setting the accurate operations to use for each specific
+file formats we want to support through the file-gegl plug-in.
+
+Note: this is the gimp-2-10 version of commit e8a31ba4f2c (`master`
+branch) adapted to the older 2.10 API.
+---
+ plug-ins/common/file-gegl.c | 27 +++++++++++++++++++--------
+ 1 file changed, 19 insertions(+), 8 deletions(-)
+
+diff --git a/plug-ins/common/file-gegl.c b/plug-ins/common/file-gegl.c
+index 48beffcd5e1..978c7e7315b 100644
+--- a/plug-ins/common/file-gegl.c
++++ b/plug-ins/common/file-gegl.c
+@@ -46,10 +46,12 @@ struct _FileFormat
+ const gchar *load_proc;
+ const gchar *load_blurb;
+ const gchar *load_help;
++ const gchar *load_op;
+
+ const gchar *save_proc;
+ const gchar *save_blurb;
+ const gchar *save_help;
++ const gchar *save_op;
+ };
+
+
+@@ -60,8 +62,10 @@ static void run (const gchar *name,
+ gint *nreturn_vals,
+ GimpParam **return_vals);
+ static gint32 load_image (const gchar *filename,
++ const gchar *gegl_op,
+ GError **error);
+ static gboolean save_image (const gchar *filename,
++ const gchar *gegl_op,
+ gint32 image_ID,
+ gint32 drawable_ID,
+ GError **error);
+@@ -77,11 +81,13 @@ static const FileFormat file_formats[] =
+
+ "file-load-rgbe",
+ "Load files in the RGBE file format",
+- "This procedure loads images in the RGBE format, using gegl:load",
++ "This procedure loads images in the RGBE format, using gegl:rgbe-load",
++ "gegl:rgbe-load",
+
+ "file-save-rgbe",
+ "Saves files in the RGBE file format",
+- "This procedure exports images in the RGBE format, using gegl:save"
++ "This procedure exports images in the RGBE format, using gegl:rgbe-save",
++ "gegl:rgbe-save",
+ },
+ {
+ N_("OpenEXR image"),
+@@ -90,11 +96,12 @@ static const FileFormat file_formats[] =
+ "0,lelong,20000630",
+
+ /* no EXR loading (implemented in native GIMP plug-in) */
+- NULL, NULL, NULL,
++ NULL, NULL, NULL, NULL,
+
+ "file-exr-save",
+ "Saves files in the OpenEXR file format",
+- "This procedure saves images in the OpenEXR format, using gegl:save"
++ "This procedure saves images in the OpenEXR format, using gegl:exr-save",
++ "gegl:exr-save"
+ }
+ };
+
+@@ -216,7 +223,7 @@ run (const gchar *name,
+
+ if (format->load_proc && !strcmp (name, format->load_proc))
+ {
+- image_ID = load_image (param[1].data.d_string, &error);
++ image_ID = load_image (param[1].data.d_string, format->load_op, &error);
+
+ if (image_ID != -1)
+ {
+@@ -263,7 +270,9 @@ run (const gchar *name,
+ break;
+ }
+
+- if (! save_image (param[3].data.d_string, image_ID, drawable_ID,
++ if (! save_image (param[3].data.d_string,
++ format->save_op,
++ image_ID, drawable_ID,
+ &error))
+ {
+ status = GIMP_PDB_EXECUTION_ERROR;
+@@ -293,6 +302,7 @@ run (const gchar *name,
+
+ static gint32
+ load_image (const gchar *filename,
++ const gchar *gegl_op,
+ GError **error)
+ {
+ gint32 image_ID = -1;
+@@ -315,7 +325,7 @@ load_image (const gchar *filename,
+ graph = gegl_node_new ();
+
+ source = gegl_node_new_child (graph,
+- "operation", "gegl:load",
++ "operation", gegl_op,
+ "path", filename,
+ NULL);
+ sink = gegl_node_new_child (graph,
+@@ -447,6 +457,7 @@ load_image (const gchar *filename,
+
+ static gboolean
+ save_image (const gchar *filename,
++ const gchar *gegl_op,
+ gint32 image_ID,
+ gint32 drawable_ID,
+ GError **error)
+@@ -465,7 +476,7 @@ save_image (const gchar *filename,
+ "buffer", src_buf,
+ NULL);
+ sink = gegl_node_new_child (graph,
+- "operation", "gegl:save",
++ "operation", gegl_op,
+ "path", filename,
+ NULL);
+
diff --git a/gimp.spec b/gimp.spec
index dec0c778c9461b2293dd940d7ef7fa0fb1578e0e..1b9988521ea2b7e56ed9e7dec9055330a3912bd4 100644
--- a/gimp.spec
+++ b/gimp.spec
@@ -1,6 +1,6 @@
 Name: gimp
 Version: 2.10.6
-Release: 8
+Release: 9
 Epoch: 2
 Summary: A versatile graphics manipulation package
 License: GPLv3+ and GPLv3
@@ -8,6 +8,7 @@ URL: http://www.gimp.org/
 Source0: http://download.gimp.org/pub/gimp/v2.10/gimp-2.10.6.tar.bz2
 Patch6000: backport-CVE-2018-12713.patch
+Patch6001: CVE-2021-45463.patch
 %global apiversion 2.0
 %global textversion 20
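Review bot: `load_image()` and `save_image()` hand `gegl_op` to `gegl_node_new_child()` unchecked, although the OpenEXR entry in `file_formats[]` deliberately leaves `load_op` NULL and the table is filled positionally, so a shifted or missing field would go unnoticed at compile time. Today the `format->load_proc &&` test in `run()` keeps that NULL from reaching `load_image()`, but the coupling is implicit, and whether the save path has an equivalent test is outside these hunks. Since the point of the fix is to pin the handler, I would fail closed before the graph is built: `if (! gegl_op || ! gegl_has_operation (gegl_op))`, set `error` and return `-1` (`FALSE` in `save_image()`), so a GEGL build lacking `gegl:rgbe-load`, `gegl:rgbe-save` or `gegl:exr-save` produces a clear error rather than whatever GEGL does with an unknown operation name. Both function bodies start and end outside the hunks shown.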
@@ -254,6 +255,9 @@ make check %{?_smp_mflags}
 %{_mandir}/man*/*
 %changelog
+* Fri Jan 07 2022 yaoxin - 2:2.10.6-9
+- Fix CVE-2021-45463
+
 * Tue May 19 2020 fengtao - 2:2.10.6-8
 - rebuild for libwebp-1.1.0